A personal computer (PC) at the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu was infected with a malware on September 4, the Nuclear Power Corporation of India Limited (NPCIL) admitted on Wednesday but said the systems at the atomic power plant have not been affected.
The admission by the NPCIL, which operates the nuclear power plant in Tirunelveli district, comes a day after KKNPP dismissed as “false information” reports that the atomic power plant came under cyber-attack recently after an expert in the field said he had alerted about the “intrusion” to the government.
Though NPCIL’s statement does not mention that the target of the cyber-attack was the KKNP, the admission corroborates with the version of cyber threat intelligence analyst Pukhraj Singh who had on Tuesday made public the news that attackers might have managed to get domain controller-level access at KKNPP.
“Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019. The matter was immediately investigated by DAE specialists,” the NCPIL said in a statement, without mentioning the name of KKNPP, whose system was targeted.
Domain controller and control systems of the power plant are entirely different, and the cyber-attackers didn’t have any access to the “critical internal network” that runs the systems inside the power plant built with Russian assistance.
The statement said the investigation revealed that the infected PC belonged to a user who was connected in the internet connected network used for administrative purposes.
“This is isolated from the critical internal network. The networks are being continuously monitored. Investigation also confirms that the plant systems are not affected,” the statement added.
A well-known cyber expert, who wished to remain anonymous, told DH that getting access to the domain controller doesn’t mean one can shut down the plant.
“It is possible only if someone physically transfers the virus from the domain controller to the control systems of the plant using a USB drive, which is impossible. The fact that one of the systems was attacked itself is serious, but the only solace is the attackers could not get access to the control systems,” the expert said.
The issue came to the public domain after several users on Twitter claimed that a data dump on VirusTotal, a virus tracking website, suggested that Lazarus, the North Korea-based hacker group, might have gained access to some of the systems at KKNPP.
A cyber expert, who wished to remain anonymous, said the attack seems to have been carried out by using a “muted variant” of the virus 'DTRACK' that can give administrative control of the infected system to the virus’ creator.
The issue also gave an handle to environmentalists to attack the government on safety of the nuclear plant. “The acceptance of cyber-attack in NPCIL systems by NPCIL only confirms the worst fears that Nuclear reactors are not only prone to natural disasters but also to cyber-attacks. The callous manner in which NPCIL dealt this issue even furthers the fears,” Poovulagin Nanbargal, an environmental organisation, said.
It also asked the state and Central governments to investigate the cyber-attack and bring the culprits to task and demanded that the permission given for further expansion of reactors be revoked.
KKNPP had on Tuesday said some false information was being propagated on the social media platform, electronic and print media with reference to the cyber-attack on Kudankulam Nuclear Power Plant.
“This is to clarify that KKNPP and other Indian Nuclear Power Plants Control Systems are stand alone and not connected to outside cyber network and internet. Any cyber-attack on the Nuclear Power Plant control system is not possible. Presently KKNPP unit 1 & 2 are operating at 1000 MWe and 600 MWe respective without any operational or safety concerns,” R Ramdoss, Training Superintendent & Information Officer, KKNPP, had said.
KKNPP is the single largest nuclear power station in the country built at a cost of Rs 17,270 crore with an installed capacity of 6,000 MW of electricity. While the unit 1 was synchronised with the southern power grid on October 22, 2013, the second unit attained criticality on July 10, 2016 and was synchronised with the electricity grid in August.
Deccan Herald is on WhatsApp Channels| Join now for Breaking News & Editor's Picks